Enabling trusted commerce and protecting customers

Payment Security is embedded in everything we do. Our multilayered approach to security drives everyday innovation.

At Visa, we are committed to connecting and protecting the digital payments system and its users through a multi-layered approach.

For annual programmatic and progress updates please see our latest Corporate Responsibility and Sustainability Report.

VISA ENABLING TRUSTED COMMERCE AND PROTECTING CUSTOMERS FOCUS AREAS

Payments security

We aim to increase transaction approvals so that businesses can thrive while customers are protected and satisfied—no matter where or how they pay or are paid.

At Visa, security is composed of three key areas:

  • Credentials Security: the ability to secure transactions and limit financial losses for ecosystem participants.
  • Operational Resiliency: the ability to maintain a network that is always on and helps participants identify risks, improve decision making and transact efficiently.
  • Ecosystem Integrity: the ability to identify and stop or mitigate illegal activity.

The Visa Intelligent Security framework offers our ecosystem partners dynamic, data-rich solutions that help balance fraud reduction and dispute prevention. The Intelligent Security framework spans the entire transaction lifecycle:

  • Account Onboarding and Management: Visa provides financial institutions with tools to identify identity fraud at account opening, and through our financial institution clients, Visa provides consumer tools to manage security, including restrictions on account use and customizing alerts.
  • Consumer Identity and Authentication: We use artificial intelligence-powered authentication strategies to prevent unauthorized access to Visa accounts.
  • Transaction Authorization: We use tools such as Visa Advanced Authorization, which applies real-time artificial intelligence and machine learning to evaluate the trustworthiness of transactions to prevent fraud without inconveniencing consumers.
  • Dispute Management: We help consumers and issuers to proactively address transaction disputes through Visa tools such as Verifi, which provides issuers and customers access to transaction information from sellers via a global data-sharing network.
  • Performance Optimization: An important piece of the Visa Intelligent Security strategy is our commitment to enhancing payment performance by reducing fraud and increasing efficiency.

Cybersecurity

Recognizing that the cyber threat landscape continues to evolve, Visa is committed to championing cybersecurity within our operations. We use an established risk assessment methodology and framework to identify cybersecurity risks and associated business impacts.

At Visa, we build and use AI to detect and secure cyber threats. We approach cybersecurity with a layered defense-in-depth strategy. We further advance our capabilities based on our core areas of focus, including enhancing our architecture, expanding our data security program to include unstructured data, and conducting continuous security and efficacy efforts.

We leverage the following components to enact our cybersecurity strategy across the business:

  • Policy and Training: Visa’s cybersecurity policy framework, the Key Controls, details our approach to protecting our information and technology assets, including the safe handling of consumer nonpublic personal information. We provide new employees with security awareness training and conduct annual Key Controls training for all staff, to promote good cyber-hygiene and familiarity with Visa processes and tools.
  • Adaptive Resiliency: We regularly conduct cross-functional response and resiliency exercises involving multiple internal teams as well as external partners and agencies. We further evolved the Visa Cyber Fusion Framework to drive an active and adaptive global Cyber Defense capability. This capability allows us to meet the increasing threat landscape through the ability to rapidly collect, analyze and use cyber threat intelligence while providing continuous real-time validation of our security tools and assets.
  • Audit and Third-Party Certifications: To promote the effectiveness of our cybersecurity approach and systems, we conduct multiple internal and external audits of our IT infrastructure and applications every year. These systems also are subject to examination by the Federal Banking Agencies and other regulators from across the globe. Examples of external reviews include: Payment Card Industry Data Security Standard, Statement on Standards for Attestation Engagements (SSAE-18) and International Standard on Assurance Engagements 3402.

Our cybersecurity approach is supported by robust governance processes that involve regular reporting to management- and Board-level committees responsible for risk management and cybersecurity oversight. We provide regular updates to the full Board, including an annual in-depth review.

Over the past several years, Gartner Consulting assessed Visa’s security posture and assigned Visa its highest rating among peer companies for the overall maturity of our cybersecurity program.


Data privacy

Visa operates one of the world’s largest payment networks, and respecting privacy is central to our purpose. Visa has a Global Privacy Program to ensure proper safeguards be applied to personal information we collect, use and share. Our Privacy Program is centered on key privacy principles that allow the Privacy Program to adapt alongside Visa’s global footprint, taking into account industry benchmarks and best practices in addition to evolving laws and regulations.

Building trust begins with a commitment to privacy and security, which instills confidence in our employees and clients, protects our brand and allows us to innovate responsibly. We also recognize that data is a powerful tool that can fuel innovation, improve customer experiences, safeguard consumers from fraud and deliver new value to consumers. 

Our focus is simple: to use the data entrusted to us in a responsible manner to benefit consumers and help businesses and economies grow. We embed these and other practices through a robust privacy program that allows us to measure and monitor organizational practices. We strive to be transparent about our data practices. To learn more about how Visa collects, uses and shares Personal Information, as well as the privacy choices we offer, please refer to our Visa Global Privacy Notice.

Visa’s Global Privacy Office, composed of dozens of privacy professionals around the world, is led by Visa’s Chief Privacy Officer and closely coordinates with several cross-functional teams and governance bodies, including the Cybersecurity team and Global Data Office. 

The Corporate Risk Committee and the Visa Inc. Audit and Risk Committee oversee the Global Privacy Program and the risks related to data privacy, including our compliance with current and emerging data protection laws around the world.


Responsible data use

When it comes to data at Visa, our focus is simple: to use the data entrusted to us to enable individuals, businesses and economies to thrive. Visa relies on data to improve the security and value of the Visa network, better serve our clients and partners, protect consumers from fraud and drive positive impact for communities and economies around the globe.

We recognize consumers are concerned about how their data is collected, used, shared and kept secure.

At Visa, we have adopted policies and practices designed to embed accountability for data practices throughout the organization and enable responsible execution through the expertise of dedicated security, privacy and data professionals working around the world on these topics.

Emphasizing our commitment to responsible data use, the Visa Data Values capture the principles that we apply when we collect, use and share consumer data. Data innovation is a vital component of Visa’s strategy—and in everything we do—built on our 60-year legacy of responsible data stewardship.


Spotlight: Visa’s data values

Security: Individuals and businesses should have confidence that Visa payment data is safe. There is no higher priority for Visa than safeguarding those who use our products, services and network.

Control: Visa will always strive to provide simple explanations regarding how data may be used and to empower individuals with easy processes to manage use of their data.

Value: Data use at Visa should benefit individuals, businesses and economies. We strive to do this by delivering greater security, financial inclusion and consumer convenience.

Fairness: Visa’s application of data and data-driven insights aims to be fair, inclusive and avoid discrimination. Visa will strive to make our models explainable, accurate and safe.

Accountability: Visa’s approach to data use should be consistently applied at all levels of the organization and be embedded through process, training, and management responsibilities.

The application of these principles may evolve over time, adapting to new privacy and data-related regulations and standards that may emerge, based on the needs of consumers, businesses and economies. As Visa’s business moves into new technologies, payment flows and value added services, we are committed to engaging with policymakers and regulators worldwide to participate in the development and harmonization of data focused laws, regulations and standards.


Responsible Approach to AI

As a pioneer of artificial intelligence (AI) in payments since 1993, Visa believes that AI should benefit individuals, businesses, and economies. This overarching approach is underpinned by our commitment to be accountable stewards of data, uphold privacy, and promote high standards of responsible, ethical, and compliant practices in every market where we operate. Visa’s layered governance framework and corporate values work together to promote accountable data use and sustainable innovation – serving as a core foundation of responsible AI. As an extension of the well-established Visa Data Values, Visa’s AI Principles offer guiding principles for the safeguards we strive to achieve and apply to the development, deployment, and assessment of AI systems and use cases across Visa.  

Spotlight: Visa’s AI Principles 

Security: In pursuit of innovation, Visa strives to deploy AI systems with confidentiality, integrity, and reliability to help ensure robust levels of security and safety for the individuals, businesses, and partners participating in its payments ecosystem. Through appropriate audit and monitoring across the lifecycle of AI systems, Visa aims to uphold quality, prevent misuse, protect data privacy and security, and detect and respond to potential adverse events.

Control: Visa aspires for transparency and appropriate consumer choice and control over data in its AI systems, including explaining the purpose, design, inputs, and outcomes of its AI systems. Visa works to deploy AI systems that respect privacy by design, with controls and governance to create a trusted, confidence-inspiring, ecosystem for individuals, businesses and partners.

Value: Visa invests in and employs AI to drive innovation and support its mission to uplift everyone, everywhere by being the best way to pay and be paid. Visa seeks to create value for individuals, businesses, and economies by innovatively deploying AI systems that promote financial inclusion, consumer convenience, and benefits across the payments ecosystem.

Fairness: In developing AI systems, Visa pursues programs to promote responsible innovation and the ethical use of AI, protect individual rights, and build societal confidence in AI. Visa aims to deploy fair AI systems by reviewing potential risks, unanticipated biases, and adverse impacts throughout the AI lifecycle. Visa strives to act ethically and minimize the risk of unfair outcomes through human oversight of design, data, production output and intended purpose of all AI systems.

Accountability: While striving towards the full potential of AI systems, Visa works to align decisions made or informed by AI with the organization's values and clearly define roles and responsibilities across technology, operational and management stakeholders. Visa is accountable for its use of its ecosystem participants’ data in AI systems and strives to utilize privacy-enhancing techniques to safeguard all stakeholders’ privacy. Visa educates and trains employees to drive responsible AI use and innovation to uphold Visa’s commitment to responsible AI. 


Transaction integrity

Visa connects the world through the most innovative, reliable and secure payments network—enabling individuals, businesses and economies to thrive. Visa is committed to maintaining the integrity of our payment system. We do not tolerate the use of our network and products for illegal activity, and we are vigilant in our efforts to deter illegal activity on our network.

The Visa Integrity Risk Program establishes a set of ecosystem controls, requirements and capabilities that seek to deter, detect and remediate noncompliant transactions across our network. This framework helps network participants that support merchants in legal businesses that are at higher risk for illicit activity maintain proper controls and oversight processes to identify and deter unlawful transactions from entering the Visa payment system.

As part of the Program, Visa:

  • Maintains registration requirements for acquirers and merchants, pursuant to which acquirers attest to their merchants’ compliance with our standards.
  • Provides acquirers guidance and direction on controls to help comply with Visa’s rules.
  • Proactively monitors participant transaction activity via machine- learning solutions.
  • Works with acquirers to identify and terminate merchants that are selling illegal items and services.
  • Engages with law enforcement to stay abreast of ecosystem risks.
  • Supports industry and cross-industry organizations and initiatives such as the Financial Coalition Against Child Sexual Exploitation, a joint initiative of the International Centre for Missing & Exploited Children and the National Center for Missing & Exploited Children, and the Internet Watch Foundation.
  • Combats counterfeiting and piracy in partnership with the International Anti-Counterfeiting Coalition.

See our latest progress

For annual programmatic and progress updates, please see our CRS Resources page for our latest CRS Report.